Package org.camunda.bpm.engine
Interface IdentityService
-
- All Known Implementing Classes:
IdentityServiceImpl
public interface IdentityService
- Author:
- Tom Baeyens, Daniel Meyer
-
-
Method Summary
All Methods Instance Methods Abstract Methods Deprecated Methods Modifier and Type Method Description boolean
checkPassword(java.lang.String userId, java.lang.String password)
Checks if the password is valid for the given user.PasswordPolicyResult
checkPasswordAgainstPolicy(java.lang.String password)
Check a given password against the configuredPasswordPolicy
.PasswordPolicyResult
checkPasswordAgainstPolicy(java.lang.String candidatePassword, User user)
Check a given password against the configuredPasswordPolicy
.PasswordPolicyResult
checkPasswordAgainstPolicy(PasswordPolicy policy, java.lang.String password)
Check a given password against a givenPasswordPolicy
.PasswordPolicyResult
checkPasswordAgainstPolicy(PasswordPolicy policy, java.lang.String candidatePassword, User user)
Check a given password against a givenPasswordPolicy
.void
clearAuthentication()
Allows clearing the current authentication.GroupQuery
createGroupQuery()
Creates aGroupQuery
thats allows to programmatically query the groups.void
createMembership(java.lang.String userId, java.lang.String groupId)
NativeUserQuery
createNativeUserQuery()
Creates aNativeUserQuery
that allows to select users with native queries.void
createTenantGroupMembership(java.lang.String tenantId, java.lang.String groupId)
Creates a new membership between the given group and tenant.TenantQuery
createTenantQuery()
Creates aTenantQuery
thats allows to programmatically query the tenants.void
createTenantUserMembership(java.lang.String tenantId, java.lang.String userId)
Creates a new membership between the given user and tenant.UserQuery
createUserQuery()
Creates aUserQuery
that allows to programmatically query the users.void
deleteGroup(java.lang.String groupId)
Deletes the group.void
deleteMembership(java.lang.String userId, java.lang.String groupId)
Delete the membership of the user in the group.void
deleteTenant(java.lang.String tenantId)
Deletes the tenant.void
deleteTenantGroupMembership(java.lang.String tenantId, java.lang.String groupId)
Deletes the membership between the given group and tenant.void
deleteTenantUserMembership(java.lang.String tenantId, java.lang.String userId)
Deletes the membership between the given user and tenant.void
deleteUser(java.lang.String userId)
void
deleteUserAccount(java.lang.String userId, java.lang.String accountName)
Deprecated.void
deleteUserInfo(java.lang.String userId, java.lang.String key)
Delete an entry of the generic extensibility key-value pairs associated with a uservoid
deleteUserPicture(java.lang.String userId)
Deletes the picture for a given user.Authentication
getCurrentAuthentication()
PasswordPolicy
getPasswordPolicy()
Returns thePasswordPolicy
that is currently configured in the engine.Account
getUserAccount(java.lang.String userId, java.lang.String userPassword, java.lang.String accountName)
Deprecated.java.util.List<java.lang.String>
getUserAccountNames(java.lang.String userId)
Deprecated.java.lang.String
getUserInfo(java.lang.String userId, java.lang.String key)
Generic extensibility key-value pairs associated with a userjava.util.List<java.lang.String>
getUserInfoKeys(java.lang.String userId)
Generic extensibility keys associated with a userPicture
getUserPicture(java.lang.String userId)
Retrieves the picture for a given user.boolean
isReadOnly()
Allows to inquire whether this identity service implementation provides read-only access to the user repository, false otherwise.Group
newGroup(java.lang.String groupId)
Creates a new group.Tenant
newTenant(java.lang.String tenantId)
Creates a new tenant.User
newUser(java.lang.String userId)
Creates a new user.void
saveGroup(Group group)
Saves the group.void
saveTenant(Tenant tenant)
Saves the tenant.void
saveUser(User user)
Saves the user.void
setAuthenticatedUserId(java.lang.String authenticatedUserId)
Passes the authenticated user id for this thread.void
setAuthentication(java.lang.String userId, java.util.List<java.lang.String> groups)
Passes the authenticated user id and groupIds for this thread.void
setAuthentication(java.lang.String userId, java.util.List<java.lang.String> groups, java.util.List<java.lang.String> tenantIds)
Passes the authenticated user id, group ids and tenant ids for this thread.void
setAuthentication(Authentication currentAuthentication)
void
setUserAccount(java.lang.String userId, java.lang.String userPassword, java.lang.String accountName, java.lang.String accountUsername, java.lang.String accountPassword, java.util.Map<java.lang.String,java.lang.String> accountDetails)
Deprecated.void
setUserInfo(java.lang.String userId, java.lang.String key, java.lang.String value)
Generic extensibility key-value pairs associated with a uservoid
setUserPicture(java.lang.String userId, Picture picture)
Sets the picture for a given user.void
unlockUser(java.lang.String userId)
-
-
-
Method Detail
-
isReadOnly
boolean isReadOnly()
Allows to inquire whether this identity service implementation provides read-only access to the user repository, false otherwise.
Read only identity service implementations do not support the following methods:-
newUser(String)
-
saveUser(User)
-
deleteUser(String)
-
newGroup(String)
-
saveGroup(Group)
-
deleteGroup(String)
-
newTenant(String)
-
saveTenant(Tenant)
-
deleteTenant(String)
-
createMembership(String, String)
-
deleteMembership(String, String)
-
createTenantUserMembership(String, String)
-
createTenantGroupMembership(String, String)
-
deleteTenantUserMembership(String, String)
-
deleteTenantGroupMembership(String, String)
If these methods are invoked on a read-only identity service implementation, the invocation will throw an
UnsupportedOperationException
.- Returns:
- true if this identity service implementation provides read-only access to the user repository, false otherwise.
-
-
newUser
User newUser(java.lang.String userId)
Creates a new user. The user is transient and must be saved usingsaveUser(User)
.- Parameters:
userId
- id for the new user, cannot be null.- Throws:
java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.USER
.
-
saveUser
void saveUser(User user)
Saves the user. If the user already existed, the user is updated.- Parameters:
user
- user to save, cannot be null.- Throws:
ProcessEngineException
- whenProcessEngineConfiguration.enablePasswordPolicy
istrue
and password violates password policyProcessEngineException
- when user id violates:java.lang.RuntimeException
- when a user with the same name already exists.java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.UPDATE
permissions onResources.USER
(update existing user) or if user has noPermissions.CREATE
permissions onResources.USER
(save new user).
-
createUserQuery
UserQuery createUserQuery()
Creates aUserQuery
that allows to programmatically query the users.
-
deleteUser
void deleteUser(java.lang.String userId)
- Parameters:
userId
- id of user to delete, cannot be null. When an id is passed for an unexisting user, this operation is ignored.- Throws:
java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.USER
.
-
unlockUser
void unlockUser(java.lang.String userId)
-
newGroup
Group newGroup(java.lang.String groupId)
Creates a new group. The group is transient and must be saved usingsaveGroup(Group)
.- Parameters:
groupId
- id for the new group, cannot be null.- Throws:
java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.GROUP
.
-
createNativeUserQuery
NativeUserQuery createNativeUserQuery()
Creates aNativeUserQuery
that allows to select users with native queries.- Returns:
- NativeUserQuery
-
createGroupQuery
GroupQuery createGroupQuery()
Creates aGroupQuery
thats allows to programmatically query the groups.
-
saveGroup
void saveGroup(Group group)
Saves the group. If the group already existed, the group is updated.- Parameters:
group
- group to save. Cannot be null.- Throws:
ProcessEngineException
- when group id violates:java.lang.RuntimeException
- when a group with the same name already exists.java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.UPDATE
permissions onResources.GROUP
(update existing group) or if user has noPermissions.CREATE
permissions onResources.GROUP
(save new group).
-
deleteGroup
void deleteGroup(java.lang.String groupId)
Deletes the group. When no group exists with the given id, this operation is ignored.- Parameters:
groupId
- id of the group that should be deleted, cannot be null.- Throws:
java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.GROUP
.
-
createMembership
void createMembership(java.lang.String userId, java.lang.String groupId)
- Parameters:
userId
- the userId, cannot be null.groupId
- the groupId, cannot be null.- Throws:
java.lang.RuntimeException
- when the given user or group doesn't exist or when the user is already member of the group.java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.GROUP_MEMBERSHIP
.
-
deleteMembership
void deleteMembership(java.lang.String userId, java.lang.String groupId)
Delete the membership of the user in the group. When the group or user don't exist or when the user is not a member of the group, this operation is ignored.- Parameters:
userId
- the user's id, cannot be null.groupId
- the group's id, cannot be null.- Throws:
java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.GROUP_MEMBERSHIP
.
-
newTenant
Tenant newTenant(java.lang.String tenantId)
Creates a new tenant. The tenant is transient and must be saved usingsaveTenant(Tenant)
.- Parameters:
tenantId
- id for the new tenant, cannot benull
.- Throws:
java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.TENANT
.
-
createTenantQuery
TenantQuery createTenantQuery()
Creates aTenantQuery
thats allows to programmatically query the tenants.
-
saveTenant
void saveTenant(Tenant tenant)
Saves the tenant. If the tenant already existed, it is updated.- Parameters:
tenant
- the tenant to save. Cannot benull
.- Throws:
ProcessEngineException
- when tenant id violates:java.lang.RuntimeException
- when a tenant with the same name already exists.java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.UPDATE
permissions onResources.TENANT
(update existing tenant) or if user has noPermissions.CREATE
permissions onResources.TENANT
(save new tenant).
-
deleteTenant
void deleteTenant(java.lang.String tenantId)
Deletes the tenant. When no tenant exists with the given id, this operation is ignored.- Parameters:
tenantId
- id of the tenant that should be deleted, cannot benull
.- Throws:
java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.TENANT
.
-
createTenantUserMembership
void createTenantUserMembership(java.lang.String tenantId, java.lang.String userId)
Creates a new membership between the given user and tenant.- Parameters:
tenantId
- the id of the tenant, cannot be null.userId
- the id of the user, cannot be null.- Throws:
java.lang.RuntimeException
- when the given tenant or user doesn't exist or the user is already a member of this tenant.java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.TENANT_MEMBERSHIP
.
-
createTenantGroupMembership
void createTenantGroupMembership(java.lang.String tenantId, java.lang.String groupId)
Creates a new membership between the given group and tenant.- Parameters:
tenantId
- the id of the tenant, cannot be null.groupId
- the id of the group, cannot be null.- Throws:
java.lang.RuntimeException
- when the given tenant or group doesn't exist or when the group is already a member of this tenant.java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.CREATE
permissions onResources.TENANT_MEMBERSHIP
.
-
deleteTenantUserMembership
void deleteTenantUserMembership(java.lang.String tenantId, java.lang.String userId)
Deletes the membership between the given user and tenant. The operation is ignored when the given user, tenant or membership don't exist.- Parameters:
tenantId
- the id of the tenant, cannot be null.userId
- the id of the user, cannot be null.- Throws:
java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.TENANT_MEMBERSHIP
.
-
deleteTenantGroupMembership
void deleteTenantGroupMembership(java.lang.String tenantId, java.lang.String groupId)
Deletes the membership between the given group and tenant. The operation is ignored when the given group, tenant or membership don't exist.- Parameters:
tenantId
- the id of the tenant, cannot be null.groupId
- the id of the group, cannot be null.- Throws:
java.lang.UnsupportedOperationException
- if identity service implementation is read only. SeeisReadOnly()
AuthorizationException
- if the user has noPermissions.DELETE
permissions onResources.TENANT_MEMBERSHIP
.
-
checkPassword
boolean checkPassword(java.lang.String userId, java.lang.String password)
Checks if the password is valid for the given user. Arguments userId and password are nullsafe.
-
checkPasswordAgainstPolicy
PasswordPolicyResult checkPasswordAgainstPolicy(java.lang.String password)
Check a given password against the configuredPasswordPolicy
. The result is returned asPasswordPolicyResult
which contains all passed and violated rules as well as a flag indicating if the password is valid.- Parameters:
password
- the password that should be tested- Returns:
- a
PasswordPolicyResult
containing passed and failed rules
-
checkPasswordAgainstPolicy
PasswordPolicyResult checkPasswordAgainstPolicy(java.lang.String candidatePassword, User user)
Check a given password against the configuredPasswordPolicy
. The result is returned asPasswordPolicyResult
which contains all passed and violated rules as well as a flag indicating if the password is valid.- Parameters:
candidatePassword
- which is checked against a password policyuser
- to be taken into account when checking the candidate password- Returns:
- a
PasswordPolicyResult
containing passed and failed rules
-
checkPasswordAgainstPolicy
PasswordPolicyResult checkPasswordAgainstPolicy(PasswordPolicy policy, java.lang.String password)
Check a given password against a givenPasswordPolicy
. The result is returned asPasswordPolicyResult
which contains all passed and violated rules as well as a flag indicating if the password is valid.- Parameters:
policy
- thePasswordPolicy
against which the password is testedpassword
- the password that should be tested- Returns:
- a
PasswordPolicyResult
containing passed and failed rules
-
checkPasswordAgainstPolicy
PasswordPolicyResult checkPasswordAgainstPolicy(PasswordPolicy policy, java.lang.String candidatePassword, User user)
Check a given password against a givenPasswordPolicy
. The result is returned asPasswordPolicyResult
which contains all passed and violated rules as well as a flag indicating if the password is valid.- Parameters:
policy
- thePasswordPolicy
against which the password is testedcandidatePassword
- which is checked against a password policyuser
- to be taken into account when checking the candidate password- Returns:
- a
PasswordPolicyResult
containing passed and failed rules
-
getPasswordPolicy
PasswordPolicy getPasswordPolicy()
Returns thePasswordPolicy
that is currently configured in the engine.- Returns:
- the current
PasswordPolicy
ornull
if no policy is set or the configured policy is disabled.
-
setAuthenticatedUserId
void setAuthenticatedUserId(java.lang.String authenticatedUserId)
Passes the authenticated user id for this thread. All service method (from any service) invocations done by the same thread will have access to this authenticatedUserId. Should be followed by a call toclearAuthentication()
once the interaction is terminated.- Parameters:
authenticatedUserId
- the id of the current user.
-
setAuthentication
void setAuthentication(java.lang.String userId, java.util.List<java.lang.String> groups)
Passes the authenticated user id and groupIds for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call toclearAuthentication()
once the interaction is terminated.- Parameters:
authenticatedUserId
- the id of the current user.groups
- the groups of the current user.
-
setAuthentication
void setAuthentication(java.lang.String userId, java.util.List<java.lang.String> groups, java.util.List<java.lang.String> tenantIds)
Passes the authenticated user id, group ids and tenant ids for this thread. All service method (from any service) invocations done by the same thread will have access to this authentication. Should be followed by a call toclearAuthentication()
once the interaction is terminated.- Parameters:
userId
- the id of the current user.groups
- the groups of the current user.tenantIds
- the tenants of the current user.
-
setAuthentication
void setAuthentication(Authentication currentAuthentication)
- Parameters:
currentAuthentication
-
-
getCurrentAuthentication
Authentication getCurrentAuthentication()
- Returns:
- the current authentication for this process engine.
-
clearAuthentication
void clearAuthentication()
Allows clearing the current authentication. Does not throw exception if no authentication exists.
-
setUserPicture
void setUserPicture(java.lang.String userId, Picture picture)
Sets the picture for a given user.- Parameters:
picture
- can be null to delete the picture.- Throws:
ProcessEngineException
- if the user doesn't exist.
-
getUserPicture
Picture getUserPicture(java.lang.String userId)
Retrieves the picture for a given user.- Throws:
ProcessEngineException
- if the user doesn't exist.
-
deleteUserPicture
void deleteUserPicture(java.lang.String userId)
Deletes the picture for a given user. If the user does not have a picture or if the user doesn't exists the call is ignored.- Throws:
ProcessEngineException
- if the user doesn't exist.
-
setUserInfo
void setUserInfo(java.lang.String userId, java.lang.String key, java.lang.String value)
Generic extensibility key-value pairs associated with a user
-
getUserInfo
java.lang.String getUserInfo(java.lang.String userId, java.lang.String key)
Generic extensibility key-value pairs associated with a user
-
getUserInfoKeys
java.util.List<java.lang.String> getUserInfoKeys(java.lang.String userId)
Generic extensibility keys associated with a user
-
deleteUserInfo
void deleteUserInfo(java.lang.String userId, java.lang.String key)
Delete an entry of the generic extensibility key-value pairs associated with a user
-
setUserAccount
@Deprecated void setUserAccount(java.lang.String userId, java.lang.String userPassword, java.lang.String accountName, java.lang.String accountUsername, java.lang.String accountPassword, java.util.Map<java.lang.String,java.lang.String> accountDetails)
Deprecated.Store account information for a remote system
-
getUserAccountNames
@Deprecated java.util.List<java.lang.String> getUserAccountNames(java.lang.String userId)
Deprecated.Get account names associated with the given user
-
getUserAccount
@Deprecated Account getUserAccount(java.lang.String userId, java.lang.String userPassword, java.lang.String accountName)
Deprecated.Get account information associated with a user
-
deleteUserAccount
@Deprecated void deleteUserAccount(java.lang.String userId, java.lang.String accountName)
Deprecated.Delete an entry of the generic extensibility key-value pairs associated with a user
-
-